Methods and systems for proofing identities using a certificate authority

ABSTRACT

A digital certificate is provided to a customer having an electronic account linked to the customer&#39;s physical address. Using the digital certificate, the customer performs electronic transactions with a third party. A proofing workstation receives a request from a third party to validate the digital certificate. The proofing workstation communicates with a proofing server that maintains a list of valid certificates and a list of revoked certificates. The proofing server sends a response to the proofing workstation, where it is received by the third party.

I. RELATED APPLICATIONS

This application is a division of application Ser. No. 09/809,325, filed Mar. 16, 2001, which claims the benefit of U.S. Provisional Patent Application No. 60/189,983, filed Mar. 17, 2000, all of which are incorporated herein by reference.

II. BACKGROUND OF-THE INVENTION

A. Field of the Invention

The present invention relates to systems and methods for providing electronic communications to a customer. More particularly, the invention relates to systems and methods for providing an electronic account and other services to a customer by linking the customer's electronic address to a physical address where the customer receives physical mail.

B. Description of the Related Art

The United States Postal Service (USPS) is an independent government agency that provides mail delivery and other services to the public. The USPS is widely recognized as a safe and reliable means for sending and receiving mail. With the steady growth of electronic communication and commerce, consumers and businesses need a secure way to communicate and conduct business electronically. Without trustworthy channels of communication, many potential participants in electronic commerce are unwilling to send sensitive information, e.g., credit card numbers, electronically, thus limiting the utility of electronic commerce to all individuals.

Electronic mail, or e-mail, is a well-known means of communication for individuals and businesses with access to computers and Internet connections. When a user establishes an account with an e-mail service provider, e.g., America Online™ or Hotmail™, the user is assigned a unique e-mail address, e.g. joesmith@aol.com. Another individual can send a message to the user by entering the user's e-mail address along with the message and sending it via the Internet. E-mail can provide almost instant message delivery among individuals and businesses over vast distances for very little or no cost. E-mail also presents an opportunity for businesses to advertise to potential customers in a new way, e.g., by sending bulk advertisements via e-mail.

Despite the advantages of e-mail, there are several drawbacks. Because e-mail is received and viewed electronically, e-mail does not reach those who are not “online.” In this way, e-mail contributes to the so-called “technology gap” between individuals with access to computers and computer technology and individuals who cannot afford or who do not understand computers and computer technology.

Additionally, the simplicity and low cost of e-mail make it an easy vehicle for unwanted messages, e.g, unsolicited advertisements or “spam.” Both individuals and businesses demand the capability to inhibit the receipt of unwanted e-mail.

Furthermore, e-mail messages are also insecure, and can be intercepted en route by unknown third parties. Businesses and consumers who communicate electronically need to know that their messages are private, and that they can rely on the address to correctly identify the sender and/or recipient.

Therefore, it is desirable to provide a system for communicating electronically that is available to everyone, that gives consumers control over the content of communications received, and that provides a secure and reliable way to conduct transactions electronically.

III. SUMMARY OF THE INVENTION

Systems and methods consistent with the present invention overcome the shortcomings of conventional systems by establishing an electronic account for a customer on a network, where the customer's electronic address is linked to the customer's physical address. As with a conventional electronic account, a customer is able to send and receive e-mail, as well as conduct electronic transactions. However, the electronic account ensures flexible and secure communications by linking a customer's electronic address to the customer's physical address. Systems and methods consistent with the present invention may be implemented by the USPS. Moreover, such a USPS electronic account may provide electronic access to all persons, i.e., a person with a USPS physical address may also have a USPS electronic account.

A method consistent with the present invention issues a digital certificate for a user on a network in response to receiving a request for a digital certificate for the user having an electronic account, wherein the electronic account is linked to a physical address of the user. A certificate authority generates the digital certificate for the user, wherein the digital certificate includes information enabling authentication of a transaction on the network, and the digital certificate is linked to the electronic account of the user.

Another method consistent with the present invention processes a request for a digital certificate from a user. A proofing workstation receives user information for a user with an electronic account, wherein the electronic account is linked to a physical address of the user. The proofing workstation also receives identification information from the user. The user information is matched to the identification information by the proofing workstation, and an identification verification is sent from the proofing workstation to a proofing server, when the user information has been matched to the identification information.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.

IV. BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate several embodiments of the invention and, together with the description, serve to explain the principles of the invention.

In the drawings:

FIG. 1 is a high level block diagram of a system for providing an electronic account to a customer;

FIG. 2 is a high level block diagram of a system for linking an electronic address to a physical address of a customer;

FIG. 3 depicts one embodiment of a link between an electronic address and a physical address of a customer;

FIG. 4 is a high level block diagram of a system for providing services to a customer using an electronic account consistent with the present invention;

FIG. 5A is a high level block diagram of a system for establishing an electronic account for a customer;

FIG. 5B illustrates an embodiment of an identity validation (IDV) form consistent with the present invention;

FIG. 6 is a more detailed diagram of a system for establishing an electronic account for a customer;

FIG. 7 is a block diagram of an application server consistent with the present invention;

FIG. 8 depicts an embodiment of an electronic account number consistent with the present invention;

FIG. 9 is a flowchart of an address matching process performed by a registration system consistent with the present invention;

FIG. 10 is a block diagram of standardized address information processed by an address matching engine consistent with the present invention;

FIG. 11A depicts an embodiment of the relationship between an ICRS database and a master address database;

FIG. 11B depicts an alternative embodiment of the relationship between an ICRS database and a master address database;

FIG. 11C depicts another alternative embodiment of the relationship between an ICRS database and a master address database;

FIG. 12 is a block diagram of a bulk mailing service using an Internet customer registration system consistent with the present invention;

FIG. 13 is a block diagram of services using a customer registration system consistent with the present invention;

FIG. 14 is a block diagram of services that can be provided as part of an electronic mailbox consistent with the present invention;

FIG. 15 is a block diagram of an advertisement filtering service that can be provided as part of an electronic mailbox consistent with the present invention;

FIG. 16 is a block diagram of an e-mail service that can be provided as part of an electronic mailbox consistent with the present invention;

FIG. 17 is a block diagram of an electronic postmark service that can be provided as part of an electronic mailbox consistent with the present invention;

FIG. 18 is a block diagram of a secure electronic mailbox that can be provided as part of an electronic mailbox consistent with the present invention;

FIGS. 19A-19W are screen shots of a user interface for a registration system consistent with the present invention;

FIG. 20 depicts some classes of messages that can be processed by a secure electronic mailbox;

FIG. 21 is a block diagram of a system for enabling a customer to approve or disapprove electronic messages using a secure electronic mailbox;

FIG. 22 is a flowchart of secure electronic mailbox processing consistent with the present invention;

FIG. 23 is a flowchart of a process for a customer to enroll in an electronic bill presentment and payment system consistent with the present invention;

FIG. 24 is a flowchart of a process for a customer to activate an electronic bill presentment and payment account consistent with the present invention;

FIG. 25 is a flowchart of a process for a biller to register for an electronic bill presentment and payment system consistent with the present invention;

FIG. 26 is a flowchart of a process for presenting bills to a customer using the electronic account system;

FIG. 27 is a flowchart of bill delivery notification consistent with the present invention;

FIG. 28 is a flowchart of an embodiment in which the EBPP system stores bill summaries and bill details;

FIG. 29 is a flowchart of an embodiment in which the biller stores bill details;

FIG. 30 is a flowchart of an embodiment in which an EBPP system is provided by a third party and offered to the payer via the electronic account system;

FIG. 31 is a flowchart for processing an electronic payment consistent with conventional systems;

FIG. 32 is a flowchart of one embodiment of a method for processing an electronic bill payment method using the present invention;

FIG. 33 is a flowchart of another embodiment of an electronic bill payment method consistent with the present invention;

FIG. 34 illustrates additional services that can be provided through an electronic account consistent with the present invention;

FIG. 35 is a block diagram of a system for providing a certificate authority for proofing identities consistent with the present invention;

FIG. 36 is a block diagram of a digital certificate consistent with the present invention;

FIG. 37 is a block diagram of a certificate authority consistent with the present invention;

FIG. 38 is a block diagram of a proofing server consistent with the present invention; and

FIG. 39 is a block diagram of a proofing workstation consistent with the present invention.

V. DETAILED DESCRIPTION

A. Introduction

Systems and methods consistent with the present invention provide an electronic account for a customer on a network, where the customer's electronic address is linked to the customer's physical address. As with a conventional electronic account, a customer is able to send and receive e-mail as well as conduct electronic transactions. Additionally, an electronic account consistent with the present invention ensures flexible and secure communications by linking a customer's electronic address to the customer's physical address.

Embodiments described herein include systems and methods for providing an electronic account to a customer, linking a customer's electronic address to a physical address of the customer, establishing an electronic account using an Internet Customer Registration System, providing a secure electronic mailbox, and providing a certificate authority for proofing identities.

B. Providing Electronic Account to a Customer

FIG. 1 is a high level block diagram of a system for providing an electronic account to a customer. A customer 100 can use a computer, e.g., a personal computer, to log onto a network 102, such as the Internet, to establish an electronic account 104. Electronic account 104 enables customer 100 to access a wealth of electronic services, including e-mail and electronic transactions. These services can be both secure and non-secure and can be provided by any service provider, such as an online merchant, a government agency, or a bank.

When electronic account 104 is established, it is linked to a physical address of customer 100. Typically, the physical address corresponds to a location where the user receives physical mail, such as via the USPS or other entity. In this way, anyone who receives mail at a physical address can establish an electronic account consistent with the present invention. The physical address can be a home address, Post Office box, business address, etc. Electronic account 104 can also include an electronic address, such as an e-mail address, for customer 100.

To provide electronic services to customer 100, a service provider can communicate with customer 100 via electronic account 104. If electronic account 104 is linked to customer 100's physical address and e-mail address, the service provider can send a communication to electronic account 104 and request delivery to either the physical address or the e-mail address, or both. If such a communication directed to customer 100 contains an incomplete address, the complete address can be determined using electronic account 104. As an added service, the sender, i.e., the service provider, could be informed of the complete address as part of an address correction service.

Electronic account 104 can allow customer 100 to receive an electronic message in physical form at a physical address. In this way, the present invention makes e-mail available even to people without regular access to a computer. For example, a customer could use a public computer, e.g., at a public library, to establish an electronic account and obtain a vanity e-mail address. Thereafter, any messages sent to the e-mail address would be received at the electronic account and could be printed and delivered to the physical address linked to the electronic account. The USPS or another company could offer this service to help bridge the technology gap.

Customer 100 can also link a temporary address, either physical or electronic, to electronic account 104 to request that messages be delivered to the temporary address for a given period of time. For example, a businessman might have an electronic account with preferred e-mail and physical addresses at his office. When he takes a two-week business trip, he can use his electronic account to have his messages delivered to a new, temporary address, such as a cellular phone or a computer in a hotel. Service providers sending the messages to the businessman would not need to know about his temporary address. All communications would still be directed to the electronic account.

C. Linking Electronic Address to a Physical Address of a Customer

FIG. 2 is a high level block diagram of a system for linking an electronic address to a physical address of a customer. Systems consistent with the present invention provide a link 204 between a customer's electronic account 104 and a physical address 202 of the customer. Link 202 can provide added security to protect the customer's privacy, for example, by leveraging a trusted third-party resource such as the USPS master address database.

FIG. 3 depicts one embodiment of a link between an electronic address and a physical address of a customer. Link 204 can be implemented using an electronic account number 302 that corresponds to electronic account 104. Electronic account number 302 can be generated when electronic account 104 is created. Electronic account number 302 can be linked to a customer's electronic address 304, e.g., a vanity e-mail address, and the customer's physical address 306. The electronic address could also be, for example, a facsimile number or telephone number. In one embodiment, a customer can choose the construction of vanity e-mail address 304 (e.g., joesmith@usps.gov). Physical address 306 is typically where the customer receives mail. For example, physical address 306 can be the customer's residence expressed as ‘123 Main Street, Memphis, Tenn. 38118.’ Consistent with the present invention, the customer can provide the physical address to be linked to the electronic account, so a customer could select a home address or a work address, for example.

When the customer provides the physical address, the electronic account system can submit it to an address matching engine that communicates with an address database. The address matching engine submits the address as a query to the address database, which returns a standardized physical address to be linked to the electronic account. In one embodiment, the standardized physical address conforms to a pre-approved format and includes a nine-digit ZIP code. In this way, the physical address linked to the electronic account is as complete and correct as possible, even if the customer submitted only a partial address (e.g., only a 5-digit ZIP code). This address matching process is described in detail below with reference to FIG. 9.

FIG. 4 is a high level block diagram of a system for providing services to a customer using an electronic account consistent with the present invention. An electronic account 402 for a customer links an electronic address, e.g., a vanity e-mail address, an electronic account number, and a physical address of the customer. Electronic account 402 communicates with a plurality of services 404 via a network 406. Network 406 can be, for example, the Internet. Using electronic account 402, services 404 can create physical messages to be sent to the customer's physical address as well as electronic messages to be sent to the customer's electronic address. As depicted in FIG. 4, services 404 communicate with electronic account 402, and therefore do not need to know the customer's electronic address or physical address. This enables the customer to take advantage of electronic services while protecting the customer's privacy.

A service 404 can leverage the electronic account to send a message to a plurality of customers. For example, a marketing firm could submit a physical mailpiece, e.g., a brochure, to the electronic account system along with a mailing list of physical addresses for a group of customers having electronic accounts. The electronic account system can create a mailing list of e-mail addresses corresponding to the physical addresses using each customer's electronic account. The mailpiece can be scanned or otherwise converted into electronic format and delivered to the customers' e-mail addresses. Alternatively, the message could be delivered to a different electronic address, such as a facsimile number or telephone number. This type of service is described below with reference to FIG. 12.

D. Establishing an Electronic Account using an Internet Customer Registration System (ICRS)

1. Customer Registration Process

FIG. 5A is a high level block diagram of a system for establishing an electronic account for a customer. A customer 502 at a computer, such as a personal computer, connects to a network 504 to provide registration information to a registration system 506. Network 504 can be, for example, the Internet, and registration system 506 can be, for example, the USPS Internet Customer Registration System. The registration information can include customer name, physical address, e-mail address, telephone number, a public key or other password, and a request for a personal or business electronic account.

After customer 502 provides registration information to registration system 506, a mailpiece 508, such as a confirmation letter, is created and sent to the user at a physical address. The physical address can be one provided by the customer with the registration information. Mailpiece 508 contains an identity validation (IDV) form 510, described with regard to FIG. 5B below. To complete the registration process, customer 502 takes IDV form 510 to a registration office, such as a local Post Office. There, a clerk verifies the customer's identity and uses IDV form 510 to send identification verification information to registration system 506.

FIG. 5B illustrates an embodiment of an identity validation (IDV) form consistent with the present invention. As described above, mailpiece 508 containing IDV form 510 is sent to the customer by registration system 506. When the customer takes IDV form 510 to an identity proofing location, e.g., a local Post Office, a clerk validates the customer's identity and transmits a confirmation to registration system 506.

As shown in FIG. 5B, IDV form 510 can include the customer's physical address, the customer's e-mail address, the location of the nearest registration office, and a date by which the customer must go to the registration office. IDV form 510 can also include a list of identity validation documents that the customer must present at the registration office, such as a driver's license, birth certificate, or utility bill. In one embodiment, the customer can select the identity validation documents when submitting registration information to registration system 506.

IDV form 510 can include a confirmation bar code. The confirmation bar code can be created by the registration system 506 and linked to the electronic account when IDV form 510 is created. Once a clerk validates the customer's identity, for example, by examining the identity validation documents, the clerk can scan the confirmation bar code and send it electronically to registration system 506. When registration system 506 receives the scanned confirmation bar code, the customer's electronic account can be activated. Activation can occur, for example, by sending a digital certificate, password, or other notification to the customer.

In one embodiment of the present invention, two copies of IDV form 510 are sent to the customer: one copy for the customer to take to the registration office and another copy for the customer to retain for his records. IDV form 510 can include a set of instructions and a customer care telephone number that the customer can call if he has any problems. IDV form 510 can also include a signature and date block for the customer to execute as part of the identification validation process at the registration office.

FIG. 6 is a more detailed diagram of a system for establishing an electronic account for a customer. As described above, customer 502 provides registration information to registration system 506 via network 504. Registration system 506 includes an application server 602, a web server 604, and a database server 606. Application server 602 includes software tools to generate dynamic content and execute applications for registration system 506. Application server 602 is described in more detail below with reference to FIG. 7. Web server 604 processes HTML requests to enable communications with customer 502 and to provide data to application server 602 and database server 606.

Database server 606 processes all communications with an Internet Customer Registration System (ICRS) database 608. In one embodiment, ICRS database 608 consists of two logical components: a customer name database 610 and a customer address database 612. Customer name database 610 stores the registration information provided by a customer along with an electronic account number assigned to the customer. Customer address database 612 stores the customer's physical address. In this embodiment, the physical address is stored separately from the customer's name and other information to protect the security of the customer. To create a high level of security, packet filter access can be installed between customer name database 610 and customer address database 612. Consistent with the present invention, the ICRS database could be maintained as a single database.

When registration system 506 receives registration information from customer 502, it stores the registration information in ICRS database 608 as described above. An identification verification (IDV) form generator 614 then extracts data from ICRS database 608 and passes the data to a print and insertion function 616 that generates mailpiece 508 containing IDV form 510. Alternatively, IDV form generator 614 and print and insertion function 616 can be a single process. In one embodiment, the IDV form and mailpiece are generated within 24 hours after the customer's registration information is stored in ICRS database 608.

As described above, customer 502 takes IDV form 510 to a registration office where a clerk verifies, or “proofs,” the customer's identity. The identity proofing can include comparing a photo ID to the customer in person. When the customer's identity is successfully proofed, the clerk scans a confirmation bar code from IDV form 510 and transmits the scanned bar code to registration system 506 via a delivery confirmation host 618. In one embodiment, IDV form generator 614 can send a notification to delivery confirmation host 618 when IDV form 510 is created. When this notification is received, delivery confirmation host 618 can communicate with application server 602 to provide notice that identification verification information is soon to be received. When the scanned bar code is sent to delivery confirmation host 618, application server 602 retrieves this identification verification information from delivery confirmation host 618.

Once the identification verification information is received by application server 602, a request is generated and sent to a digital certificate authority 620, such as, for example, the Certificate Authority (CA) described below with reference to FIG. 35. The request can direct digital certificate authority 620 to generate a digital certificate for customer 502. The request can include, for example, a public key and information provided by customer 502 during the registration process.

A digital certificate is a well-known tool for sending secure messages. A CA issues an encrypted digital certificate containing a customer's public key and a variety of other identification information. The Certificate Authority makes its own public key available through print or perhaps on the Internet. The recipient of an encrypted message uses the CA's public key to decode the digital certificate-attached to the message, verifies the digital certificate as issued by the CA, and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.

FIG. 7 is a block diagram of an application server consistent with the present invention. Application server 602 includes application server software 702, certificate software 704, and address matching engine delivery point/plus 4 (AME DP/+4) system software 706. Application server software 602 processes logic and instructions to support registration system 506. Application server software 702 also includes account number generator software 708 that generates an electronic account number for a customer. In one embodiment, account number generator software 708 is embedded into application server software 702 in the form of a dynamically loadable library so that it becomes part of application server software 702 at run time. In another embodiment, account number generator software 708, can be stand-alone software for generating account numbers. The electronic account number is described in detail below with reference to FIG. 8.

Certificate software 704 is an application programming interface (API)—a tool enabling one piece of software to communicate with another piece of software. Certificate software 704 is used by registration system 506 to construct and submit requests to digital certificate authority 620 and to retrieve a customer's digital certificate from digital certificate authority 620.

AME DP/+4 system software 706 includes an interface to address matching directories and associated software to access those directories. This software can be used to resolve a physical address based on USPS delivery guidelines to create a standardized physical address. In one embodiment, a standardized physical address can meet one of four levels of address standardization. The first level of standardization is ‘delivery point,’ which resolves the address to an unique delivery point. The second level of standardization is ‘plus 4,’ which resolves the address to a valid range of addresses within a plus 4 segment of a ZIP code. The third level of standardization is ‘5 digit,’ which resolves the address to a five-digit ZIP code area only. The fourth level of standardization is ‘last line,’ which resolves the address to a city, state, and ZIP code. The address matching process is described in more detail below with reference to FIG. 9.

FIG. 8 depicts an embodiment of an electronic account number consistent with the present invention. In one embodiment, account number generator software 708 generates a unique electronic account number 802 consisting of ten alphabetical and numeric characters and one check digit, such as a modulus low end check digit. In this embodiment, among the ten alphabetical and numeric characters, no more than three alphabetical characters can be strung together to prevent having profanity inserted into the electronic account number.

FIG. 8 depicts six exemplary formats for an electronic account number. Consistent with the present invention, any other format providing a unique identifier can be used, including formats with fewer or more than ten characters. The electronic account number can be stored in customer name database 610 and used to link the customer's name and other information to the customer's physical address.

2. Address Matching Process

FIG. 9 is a flowchart of an address matching process performed by a registration system consistent with the present invention. A physical address 902 is received by AME DP/+4 software 706 and is passed to an address matching engine 904. For instance, the address can be received from a customer via Web server 604. Address matching engine 904 processes the physical address to create a query 906 and sends query 906 to an address matching directory (AMD) database 908. Query 906 is used to retrieve a standardized address stored in AMD database 908. Standardized address information 910 can include the standardized address and/or a corresponding delivery point identification (DPID) key that points to the location in AMD database 908 where the standardized address can be found. Standardized address information 910 is passed back to address matching engine 904, where it can be sent to ICRS database 608. If a DPID key cannot be determined via the address matching engine process, a flag can be set to send feedback to an address management office or other service personnel.

FIG. 10 is a block diagram of standardized address information processed by an address matching engine consistent with the present invention. Standardized address information 910 can include a standardized address and related information, including a DPID key. The DPID key can be used to access a storage location in a master address database as described below. The DPID key can be stored with the electronic account information in ICRS database 608.

FIG. 11A depicts an embodiment of the relationship between an ICRS database and a master address database. ICRS database 608 can store a DPID key with a customer's electronic account information. To obtain updated address information, ICRS database 608 can use DPID key 1102 to access master address database 1104 and obtain the address 1106 corresponding to DPID key 1102. In this way, an electronic account system consistent with the present invention can perform periodic address updates and quality control processes on ICRS database 608. Using the DPID key in this embodiment keeps ICRS database 608 up-do-date with having to perform multiple address matching engine processes (as described in FIG. 9).

FIG. 11B depicts an alternative embodiment of the relationship between an ICRS database and a master address database. If ICRS database 608 does not store a DPID key with a customer's electronic account information, it can obtain one by submitting a physical address 1108 to a static monolithic address database 1110. Static monolithic address database 1110 can then use an address matching engine (as described in FIG. 9) to obtain a DPID key 1112 from master address database 1104. DPID key 1112 is then returned to ICRS database 608.

FIG. 11C depicts another alternative embodiment of the relationship between an ICRS database and a master address database. If ICRS database 608 does not store a DPID key with a customer's electronic account information, it can send a physical address 1114 directly to master address database 1104. DPID key 1116 is then returned to ICRS database 608.

3. Services Based on Internet Customer Registration System

FIG. 12 is a block diagram of a bulk mailing service using an Internet customer registration system consistent with the present invention. As described above, customer 502 uses a computer to access registration system 506 via network 504. Registration system 506 includes ICRS database 608, which can be accessed by an e-mailbox repository 1210 to provide e-mail services to customer 502. A sender wishing to communicate with a plurality of customers having electronic accounts can submit a file 1202 containing a physical address file and a content file. The physical address file can be, for example, a mailing list, and the content file can be, for example, an advertisement.

The physical address file is processed in an address matching system 1204 as described above to obtain standardized physical addresses for the customers. The standardized physical addresses are processed by a key generator 1206 to obtain keys for accessing ICRS database 608. Using keys created by key generator 1206, ICRS database 608 is queried at 1208 to create an e-mail address mailing list 1210 corresponding to the physical address file. The content file is combined with e-mail address mailing list 1210 to facilitate an electronic mailing 1212. Electronic mailing 1212 is sent to an e-mail routing system 1214 that sends electronic mailing 1212 to e-mailbox repository 1216 for delivery to the plurality of customers. E-mail routing system 1214 may also provide a status report of e-mail delivery to the sender that provided file 1202.

FIG. 13 is a block diagram of services using a customer registration system consistent with the present invention. Electronic account 104 and registration system 506 can enable customers to access an electronic mailbox (or e-mailbox) service 1302 and other services 1304 such as mailing online, electronic bill presentment and payment, etc. Electronic mailbox services 1302 can include a secure electronic mailbox, described in more detail below.

FIG. 14 is a block diagram of services that can be provided as part of an electronic mailbox consistent with the present invention. E-mailbox service 1302 can receive and store different types of messages, including advertisement messages 1402, e-mail messages 1404, electronic postmark (EPM) messages 1406, and secure electronic mailbox (SEM) messages 1408. Other types of messages could also be received and stored consistent with the present invention. In one embodiment, some types of messages, such as EPM messages and SEM messages can be accessed only via a password or a digital certificate key. In this way, the customer can select different levels of security for different types of messages.

FIG. 15 is a block diagram of an advertisement filtering service that can be provided as part of an electronic mailbox consistent with the present invention. Advertisement messages 1402 could be filtered according to the customer's preferences. A customer could specify certain types or categories of advertisement messages to be accepted by the e-mailbox. For example, a customer may wish to receive advertisement messages from automobile companies but no others or to receive no advertisements at all.

FIG. 16 is a block diagram of an e-mail service that can be provided as part of an electronic mailbox consistent with the present invention. Conventional e-mail messages can be received and stored in e-mail message section 1404 of e-mailbox 1302. E-mail message section 1404 can include an in-box, out-box, and trash section as found in conventional e-mail systems.

FIG. 17 is a block diagram of an electronic postmark service that can be provided as part of an electronic mailbox consistent with the present invention. An electronic postmark service is described in U.S. patent application Ser. No. 09/675,677 entitled Systems and Methods for Authenticating an Electronic Message, filed on Sep. 29, 2000 and incorporated herein by reference.

FIG. 18 is a block diagram of a secure electronic mailbox that can be provided as part of an electronic mailbox consistent with the present invention. The secure electronic mailbox service is described in more detail below with it reference to FIG. 20.

4. User Interfaces for Internet Customer Registration System

FIGS. 19A-19W are screen shots of a user interface for a registration system consistent with the present invention. These screen shots can be, for example, HTML documents stored in registration system 506 and presented by web server 604 to customer 502 at a computer running a browser. Although these user interfaces describe the registration and activation processes in terms of a secure electronic mailbox, these processes can also be used to establish an electronic account consistent with the present invention.

FIG. 19A includes an overview of a secure electronic mailbox as provided by the USPS consistent with the present invention. Although the figures describe an electronic account system provided by the USPS, the present invention could be practiced by a non-USPS entity without departing from the spirit and scope of the invention. FIGS. 19B and 19C contain instructions to the customer for establishing an electronic account using registration system 506. FIGS. 19D-19F contain a sample privacy and certification policy for use with an electronic account system.

FIG. 19G is a user interface for collecting registration information from a customer consistent with the present invention. The user interface shown has two sections: individual information and e-mail address selection. The individual information section provides text boxes and/or drop-down lists for the customer to enter: full name, including first name, middle initial, and last name; title, such as Mr. or Miss; suffix title, such as Jr., Sr., II or III; date of birth, including month, day, and year; home phone; and work phone. The e-mail address selection section includes text boxes and/or drop-down lists for the customer to enter a first, second, and third choice of a vanity e-mail address along with a password for the e-mailbox. The user interface asks the customer to reenter the password to ensure that it is accurately captured. This section also enables the customer to choose a shared secret, which can consist of an adjective, a noun, and a verb. The shared secret can serve as a master password for the registration system and helps to identify the customer in the future. For example, the shared secret can be used by the customer to gain access to the customer's digital certificate later in the registration process.

FIG. 19H is a user interface that is displayed to the customer if the vanity e-mail address selected is unavailable. The user interface can offer suggestions of available e-mail addresses and a text box to receive the customer's alternate selection.

FIG. 19I is a user interface for obtaining physical address information from the customer. The user interface provides text boxes and/or drop-down lists for the user to input a residential address, including: address type, house number, street name, apartment/suite identifier and number, city, state, and ZIP code. A set of “radio buttons” is also provided for the customer to indicate whether the mailing address (i.e., physical address) is the same as the residential address. The address type field can be used to trigger data capture tools, such as a set of templates for various address types, including Post Office box address, street address, etc.

FIG. 19J is a user interface for obtaining identity validation information from the customer. The customer is prompted to select two forms of identification to be used in the identification verification process. A drop-down list of acceptable identification documents is presented. The acceptable identification documents can include a photo identification, e.g., driver's license, passport, military ID, etc., and a secondary ID, e.g., utility bill, telephone bill, etc. Based on the type of identification document that the customer selects, different data can be captured, including a control number, expiration date, etc.

FIG. 19K is a user interface for displaying registration information to the customer. This user interface displays the information that has been provided by the customer and enables the customer to edit the information if needed and to print the information to retain for his records before proceeding with the rest of the registration process. In one embodiment, the physical address that is presented has been processed by the address matching system described above. In other words, the standardized physical address is presented. In this embodiment, if the address matching system could not resolve the physical address to a delivery point or plus 4 level, asterisks and a message can be displayed to inform the customer that the physical address is not fully resolved.

FIG. 19L is a user interface for explaining a private key system to the customer. The private key is to be generated by browser software running on the customer's computer at the direction of the registration system. The private key will be used by the customer to access the digital certificate to activate the customer's electronic account. The user interface presents a drop-down list for the customer to select an encryption strength, if the customer's browser supports different levels of encryption.

FIG. 19M is a user interface for generating a private key for the customer. This user interface enables the customer to click ‘okay’ to continue with the private key process or to click ‘cancel’ to stop.

FIG. 19N is a user interface for establishing a password for the customer's private key. Because the private key will enable access to the customer's digital certificate, and therefore the electronic account, the customer is encouraged to establish a password to protect the private key. This user interface enables the customer to select a password and enter a confirmation copy of the password before continuing.

FIG. 19O is a user interface presented to a customer declining to establish a password for the private key. This user interface informs the customer that a password can be established at a later time and enables the customer to continue the registration process without establishing a password for the private key.

FIG. 19P is a user interface for instructing the customer about the in-person identity validation process. Once the online application process, or registration process, is complete, a temporary or inactive status is assigned to the customer's electronic account. This user interface displays a date on which an identity validation form will be mailed to the customer and explains that the customer will need to take the identity validation form and the chosen identification documents to a registration office to complete the in-person identity validation process.

FIG. 19Q is a user interface for beginning the activation process for the customer's electronic account. Once the customer completes the in-person identity validation process, the customer can activate the electronic account. To begin the activation phase, the customer can use this user interface to enter the vanity e-mail address.

FIG. 19R is a user interface for capturing the customer's shared secret to activate the customer's electronic account. The customer is prompted to enter the shared secret selected during the online registration process.

FIG. 19S is a user interface for accepting a certification practice statement. A certification practice statement is a statement of rules and regulations governing the use of a digital certificate. Once the customer has read the statement, he can click the ‘accept’ button to continue or the ‘quit’ button to stop.

FIG. 19T is a user interface for presenting a digital certificate to the customer. This user interface displays a name for the digital certificate and enables the customer to provide a different name, if desired.

FIG. 19U is a user interface for saving the digital certificate. The user interface explains the importance of saving a copy of the digital certificate and enables the customer to save it in a safe location or on a floppy disk, for example. The digital certificate can be downloaded into the customer's browser, onto a Smart Card, or onto a digital certificate holding device.

FIG. 19V is a user interface for activating the electronic account. Once the customer has received the digital certificate, this user interface enables the customer to confirm that the digital certificate has been installed properly on his computer. A customer care phone number is displayed in case the customer has any problems.

FIG. 19W is a user interface for completing the electronic account registration process. This user interface displays a message informing the customer that the electronic account has been activated.

E. Providing a Secure Electronic Mailbox

1. Overview of Secure Electronic Mailbox

One of the services available through an electronic account consistent with the present invention is a secure electronic mailbox (SEM). The SEM can be provided as part of an e-mailbox linked to the electronic account as described above. Electronic messages can be sent to a customer using the SEM. Unlike a conventional electronic mailbox, the SEM can provide a number of services in addition to receiving and displaying electronic messages. For example, the SEM can enable filtering of messages, notification when a message is received and/or viewed, and electronic bill presentment and payment. The SEM can offer various levels of security using, for example, message authentication, time and date seals, and digital certificates.

FIG. 20 depicts some classes of messages that can be processed by a secure electronic mailbox (SEM). SEM 2002 can process a bill, such as a mortgage bill, utility bill, etc. from a biller 2004, i.e., a biller, a biller's representative, or a biller service provider. SEM 2002 can process bills from a plurality of bill consolidators 2006 and 2008. SEM 2002 can also process legal communications and legal documents 2008, such as patent applications, wills, etc. Other documents 2010 can also be processed by SEM 2002. In one embodiment of the present invention, all of a customer's bills (regardless of their source) are consolidated and presented to the user with a single user interface, or bill manager. Similarly, payment options can be consolidated and presented to the user with a single user interface, or payment manager. In this embodiment, a customer can manage all of his bills in one, seamless interface, without having to know the source of the bills.

FIG. 21 is a block diagram of a system for enabling a customer to approve or disapprove electronic messages using a secure electronic mailbox. When SEM 2002 receives SEM input 2102, such as an electronic bill or advertisement, SEM input 2102 can be stored in an SEM database 2104, as described below. By accessing SEM database 2104, a customer can view SEM input 2102 and approve or disapprove it 2106. For example, if SEM input 2102 is an electronic bill, approval might indicate that the bill should be paid using the electronic account and disapproval might indicate that the bill should not be paid. The customer communicates approval or disapproval 2106 to SEM database 2104, which in turn reports the customer's decision as SEM output 2108. SEM 2002 thus enables a customer to interact with senders of electronic messages indirectly, adding security and privacy protections.

2. Detailed Description of Secure Electronic Mailbox

FIG. 22 is a flowchart of secure electronic mailbox processing consistent with the present invention. A customer can connect to secure electronic mailbox 2002 via a website, e.g. usps.com, or other portal on a network (step 2202). If the customer does not have a mailbox, i.e., a SEM, (step 2204), then the customer will be prompted to register for an electronic account and an SEM (step 2206). The customer can then perform the registration process described above to establish an electronic account and SEM (step 2208).

If the customer has a mailbox (step 2204), the customer is prompted to login to the mailbox (step 2210) to give the customer access to SEM services. As part of the login process, the customer is authenticated by the electronic account system using, for example, a digital certificate or private key (step 2212). An embodiment of a certificate authority for performing this authentication is described in more detail below.

If this is the customer's initial login (step 2212), i.e., the first time the customer has accessed the mailbox, the customer is prompted to set up a profile (step 2214). The profile is linked to the customer's mailbox and can indicate the services the customer would like to access and other profile menu options (step 2216). The profile menu options can include screen appearance, such as background color or toolbars, and other options as appropriate.

If this is not the customer's initial login, and if the customer was successfully authenticated, then the customer is given access to the mailbox and the customer is prompted to select an SEM service (step 2218). Here the customer can select one of the different types of services available through the customer's electronic account and SEM including: EPM mail, Internet mail, advertisements, bill payment, forms, government services, etc.

The different services can be provided using, for example, different storage folders within the SEM. The customer can select an EPM mail folder (step 2220) that contains mail having an electronic postmark (EPM). The customer can select an Internet mail folder (step 2222) that contains Internet mail and may or may not include security. An advertisement, or ads, folder that contains advertisements can be chosen (step 2224). The advertisements can be, for example, targeted advertisements sent by an advertiser. The advertisements may be filtered, as described above with reference to FIG. 15.

The customer can select a bills folder (step 2226) that contains bills from billers and/or bill consolidators that participate in an electronic bill presentment and payment (EBPP) system via the SEM. The customer can select a forms folder (step 2228) containing electronic forms from companies and/or government agencies, such as tax forms or driver's license renewal forms. The customer can select a folder of government services (step 2230) containing, for example, links to government sites such as the Internal Revenue Service. The customer can also access other services (step 2232) consistent with the present invention.

When the customer selects either Internet mail (step 2222) or certified mail (step 2220), the customer has a selection of actions to choose from. The customer can choose to create mail (i.e., an electronic message) (step 2234). As part of the mail creation process, the customer may add attachments to the mail or use a spell-checking program. The customer can choose to forward mail (step 2236) or reply to the sender of a message (step 2238). The customer can also choose to view a message (step 2240). This action allows the customer to view the contents of a message and open or save attachments. If the customer chooses to create mail (step 2234), forward mail (step 2236), or reply to mail (step 2238), the customer is prompted to address the mail (step 2242) by selecting a name from an address book or otherwise providing an address for the message. The sender can use the secure electronic mailbox to send a message to a recipient at a physical and/or electronic address. Once the message is addressed (i.e., to either a physical or an electronic address), the user can send the message (step 2244).

To send the message, the customer can select delivery options (step 2246), including options such as “delivery notification” or “electronic delivery.” If the addressee of the message has an electronic account, the customer can choose “physical delivery” and the message will be printed and delivered in physical form to the addressee's physical address. In addition to delivery options, the customer can select a priority (step 2248) such as “high priority” or “urgent.” The customer can choose to postmark the message with an EPM. The customer can also choose to encrypt the message (step 2250) before it is sent. This allows the customer to encrypt a message for privacy and to prevent a third party intercepting the message from reading it. The user can choose to sign the message (step 2252), for example, by attaching a digital signature to the message. Then, the message is sent (step 2253).

If the customer chooses to view a message (step 2240), the customer can select a service to detect tampering (step 2254). This allows the customer to verify whether a message has been tampered with since it was signed by the sender. The tampering detection process can access a secure time and date seal function (step 2256) such as an electronic postmark (EPM) system as described in U.S. patent application Ser. No. 09/675,677, entitled Systems and Methods for Authenticating an Electronic Message, filed on Sep. 29, 2000. The customer can also choose to apply a time and date seal (e.g., an EPM) to all inbound messages (step 2258). This option will direct the SEM to automatically attach a time and date seal (e.g., an EPM) to a message when it is received by the SEM. The customer can have the option to use the time and date seal (e.g., the EPM) as a filter for received mail, for example by setting this as a profile menu option (step 2216).

Several components of the electronic account system can be used to perform the tasks depicted in FIG. 22. A Create and Activate Mailbox component 2208 contains a registration system such as the Internet Customer Registration System described above. Create and Activate Mailbox component 2208 can automatically create a mailbox once the customer has completed the online registration process. The mailbox can be created, for example, by designating an electronic storage location for the customer. In one embodiment, the mailbox will remain inactive until identification verification is performed as described above. A Profile Management component 2260 can be used to manage the profile information of the customer. This profile information and profile menu options can be stored in a configuration database 2262.

A Mail Management component 2264 can manage messages received by the SEM and allow customers to retrieve, view, save, archive and sort messages. Mail Database 2266 is a storage location for the messages of the SEM. An eAddress Management component 2268 manages a customer's electronic address books, which can be stored in an Address Database 2270. An electronic postmark (EPM) system 2256 can be used to enable the customer to attach a time and date seal (e.g., an EPM) to a message and to detect when a message with a time and date seal (e.g., an EPM) has been tampered with. A Sign and Encrypt component 2272 can be used to enable a customer to digitally sign messages.

-   -   3. Electronic Bill Presentment and Payment

A secure electronic mailbox consistent with the present invention supports many services in addition to electronic message handling. A customer with an electronic account can use an electronic bill presentment and payment (EBPP) service to receive and pay bills electronically. Billers, such as utility companies or credit card companies, can join the EBPP system and submit bills, bill summaries, bill histories, etc. to the customer (i.e., the payer) using the electronic account and SEM systems. An EBPP system consistent with the present invention improves upon conventional electronic bill payment systems in several ways. First, the present invention uses an EBPP system to improve communication and feedback between a biller and a payer. Second, an EBPP system consistent with the present invention is linked to a physical address of the payer enabling flexible communications including physical and electronic mail. Third, because an EBPP system consistent with the present invention is linked to a payer's electronic account, the biller knows that the identity of the payer was verified in person and therefore can be more confident in sending bills and receiving payment via the EBPP system. Fourth, bills from several sources can be consolidated for viewing seamlessly, i.e., without indicating the source of the bill. Payment can be provided to the appropriate biller seamlessly, i.e., without indicating the payment destination to the customer.

FIG. 23 is a flowchart of a process for a customer to enroll in an electronic bill presentment and payment system consistent with the present invention. A payer having an electronic account can send a message requesting enrollment in an electronic bill presentment and payment (EBPP) system (step 2302). The enrollment request can be sent to a secure electronic mailbox (SEM) system consistent with the present invention. If the enrollment request includes a reference to a bank account of the customer, then the EPBB system can access that bank account to automatically pay bills for the payer. The SEM system authenticates the payer using, for example, the digital certificate from the payer's electronic account (step 2304). The authentication process is described in more detail below. When the payer is authenticated, the SEM system retrieves information about the payer, for example, from the payer's electronic account, and sends the enrollment request and payer information to an EBPP system (step 2306). In one embodiment, the EBPP system can send the enrollment request and payer information to a biller and receive an enrollment status from the biller. Once the EBPP system establishes and activates an EBPP account for the payer, the enrollment status is sent from the EBPP system to the SEM system (step 2308) and then to the payer (step 2310).

In an alternative embodiment, the enrollment request can also be initiated by a biller. For example, a payer could sign up for the EBPP system at a biller's web site. The biller-initiated enrollment request would then be sent from the biller to the EBPP system (step 2312) and the biller-initiated enrollment status can be returned to the biller (step 2314).

FIG. 24 is a flowchart of a process for a customer to activate an electronic bill presentment and payment account consistent with the present invention. After the enrollment process, the payer can request activation of the EBPP account by sending an account activation request to the SEM system (step 2402). Before processing the request, the SEM system can authenticate the user with a certificate authority as described below (step 2404). Once the payer is authenticated, the account activation request is sent from the SEM system to the EBPP system along with information from the payer's electronic account (step 2406). The account activation request is then sent to a biller (step 2408). When the biller activates the payer's account, a response is sent from the biller to the EBPP system (stem 2410). The EBPP system sends the account activation status to the SEM system (step 2412) and the SEM system sends it to the payer (2414). The biller could also send out a physical notification of the account activation status directly to the payer (step 2416). In an alternative embodiment, account activation could be initiated by the biller and the biller can be notified of the account activation (step 2418).

FIG. 25 is a flowchart of a process for a biller to register for an electronic bill presentment and payment system consistent with the present invention. To register, a biller sends biller registration information to the electronic bill presentment and payment (EBPP) system (step 2502). The EBPP system processes the biller registration information and sends it through general administrative and marketing processing (step 2504). This step may include, for example, verifying the biller's taxpayer ID number or other identifier or evaluating the biller's accounting software. Once the biller is registered, the EBPP system sends a registration completion notification to the biller (step 2506). Marketing or advertisements can also be sent from the EBPP system to the biller.

FIG. 26 is a flowchart of a process for presenting bills to a customer using the electronic account system. In one embodiment, a biller can submit bill summaries for multiple customers to the electronic account system (step 2602) via a network such as the Internet. Each bill summary may be marked with an EPM and can be stored in a SEM corresponding to a specific customer. When a customer logs into his SEM (step 2604), the customer can view the bill summary (step 2606). The bill summary may be marked with an EPM. The customer can then request, via the SEM system, to view bill details (step 2608). The bill details may be marked with an EPM. The customer can also link directly with the biller to exchange information or pay a bill (step 2610). Using the electronic account system, the customer can submit payment instructions, such as a bank account to be debited or a credit card account to be charged. The electronic account system can notify the biller when a customer has viewed the bill summary and/or bill detail. In an alternative embodiment, the customer can pay view payment information via the SEM system and submit payment instructions directly to the SEM.

FIG. 27 is a flowchart of bill delivery notification consistent with the present invention. A biller can send bill information for a payer having an electronic account to an EBPP system (step 2702). The biller can also send other information for the payer, such as advertisements. The EBPP system formats a bill using the bill information and stores it in the payer's secure electronic mailbox (step 2704). The formatted bill can include an EPM. The SEM can send a notification to the EBPP system when the bill is delivered, i.e., stored in the payer's SEM (step 2706). The SEM can send another notification when the payer views the bill in the SEM. The EBPP system then sends these notifications to the biller (step 2708). In one embodiment, EBPP system can use the bill information from the biller to generate a physical mail piece that is sent to the payer via U.S. mail (step 2710). The EBPP system can also use an electronic postmark (EPM) system to attach an EPM to the bill before it is stored in the payer's SEM (step 2712).

There are many alternative embodiments for storing and presenting bill information to the payer. The electronic account system can store all bill information in the EBPP system (e.g., to bill for SEM services). Alternatively, the EBPP system may store only bill summary information and the payer can communicate directly with a biller to obtain bill details. In another embodiment, the EBPP system may be provided by a third party and offered to the payer via the electronic account system.

FIG. 28 is a flowchart of an embodiment in which the EBPP system stores bill summaries and bill details. The payer can access his SEM to view bill summaries (step 2802) and to view bill details, historical bills, and/or payment information (step 2804). When the payer accesses the SEM, the payer will be authenticated using, for example, a certificate authority (step 2806). In this embodiment, the SEM obtains bill detail (i.e., line by line bill details) and bill summary information (e.g., overall balance due, biller identifier, etc.) from the EBPP system, stored within the electronic account system (steps 2808, 2810). The payer can also obtain historical information such as payment history and past bills.

FIG. 29 is a flowchart of an embodiment in which the biller stores bill details. The payer can access his SEM to view bill summaries (step 2902), bill detail, historical bills and/or payment information (step 2904). When the payer accesses the SEM, the customer will be authenticated using, for example, a certificate authority (CA/PKI) (step 2906). In this embodiment, the SEM obtains bill detail (i.e., line by line bill details) and bill summary information (e.g., overall balance due, biller identifier, etc.) from the EBPP system (step 2908), which in turn obtains bill details from a remote biller, e.g., via a network. (step 2910). The payer can also obtain historical information such as payment history and past bills.

FIG. 30 is a flowchart of an embodiment in which an EBPP system is provided by a third party 3001 and offered to the payer via the electronic account system. The payer can access his SEM to view bill summaries and bill detail (step 3002) and to view historical bills and/or payment information (step 3004). The bills may be issued by a plurality of billers, but the bills can be consolidated and presented to the payer using a single, seamless user interface. When the payer accesses the SEM, the customer will be authenticated using, for example, a certificate authority (step 3006). In this embodiment, the SEM obtains bill detail (i.e., line by line bill details) and bill summary information (e.g., overall balance due, biller identifier, etc.) from a third-party EBPP system (step 3008), which in turn obtains bill details from a remote biller, e.g., via a network. (step 3010). The payer also can also obtain historical information such as payment history and past bills.

FIG. 31 is a flowchart for processing an electronic payment consistent with conventional systems. To pay a bill electronically, a payer sends payment authorization to a financial processor such as, for example, Checkfree (step 3102). The financial processor sends the payment authorization to the payers bank (step 3104). The payment authorization can include a payer's bank account designation and a biller's bank account number. The payer's bank can send payment to the biller's bank (step 3106), e.g., by electronically transferring money to the biller's bank account. The payer's bank can then send a transaction confirmation to the financial processor (step 3108). Alternatively, the financial processor can send payment directly to the biller's bank (step 3110). The financial processor can send the transaction confirmation to the payer (step 3112). Once payment is received, the biller's bank can send payment notification to the payer (step 3114).

FIG. 32 is a flowchart of one embodiment of a method for processing an electronic bill payment method using the present invention. A payer sends payment authorization to his SEM (step 3202). The SEM can apply an electronic postmark (EPM) to the payment authorization for added security (step 3204). The SEM sends the payment authorization to the EBPP system (step 3206), which is part of the electronic account system in this embodiment. The EBPP system in turn sends the payment authorization to a financial institution (step 3208). This method is an improvement over conventional systems in many ways. The inclusion of an EPM on the payment authorization enhances security for both payer and biller. Because the identity of the payer is validated before the SEM is activated, the biller has increased confidence when sending bills and receiving payment.

FIG. 33 is a flowchart of another embodiment of an electronic bill payment method consistent with the present invention. A payer sends payment authorization to his SEM (step 3302). The SEM can apply an electronic postmark (EPM) to the payment authorization for added security (step 3304). The SEM sends the payment authorization to the EBPP system (step 3306), which is not part of the electronic account system in this embodiment. The EBPP system in this embodiment could be offered by a third party to the payer via the electronic account system. The EBPP system sends the payment authorization to a financial institution (step 3308).

FIG. 34 illustrates additional services that can be provided through an electronic account consistent with the present invention. Other services 3402 that can be provided via an electronic account include mailing online 3404, NetPost.Certified 3405, shipping online 3406, stamps online 3408, PC Postage 3409, and other services 3410. Mailing online 3404 is a service that receives a content file and an address list from a customer and produces a mailing to each address on the address list. Mailing online can include a Card Store product. NetPost.Certified 3405 enables a customer to download a digital certificate onto a Smart Card for use in authenticating electronic transactions. Shipping online 3406 is a service that enables a customer to ship packages automatically and privately. Stamps online 3408 enables a customer to purchase stamps. PC Postage 3408 enables a customer to purchase and print postage using a computer.

F. Certificate Authority for Proofing Identities

Systems consistent with the present invention provide a certificate authority for proofing the identity of an electronic customer. Using digital certificate software, the electronic account system provides a digital certificate, described in detail below, to a customer after the customer has been verified in-person as part of the electronic account registration process. In this way, a digital certificate consistent with the present invention authenticates the customer's identity in a way that is not available in conventional systems.

FIG. 35 is a block diagram of a system for providing a certificate authority for proofing identities consistent with the present invention. A digital certificate requester 3502 sends a request for digital certificate 3504 to a digital certificate authority 3506. Digital certificate requestor 3502 can be, for example, certificate software or a proofing workstation. In response to request for digital certificate 3504, digital certificate authority 3506 sends a digital certificate 3508 to digital certificate requestor 3502.

FIG. 36 is a block diagram of a digital certificate consistent with the present invention. Digital certificate 3508 includes an identifier of the customer 3602, a certificate serial number 3604, a certificate validity period 3606, a proofing workstation validation 3608, a public key 3610, a certificate issuer identifier 3612, and a certificate status 3614. Certificate status 3614 can be, for instance, active, on hold, or revoked. The digital certificate can be, for example, a well-known CCITT X.500 Section 509 Version 3 certificate.

FIG. 37 is a block diagram of a certificate authority consistent with the present invention. Certificate authority 3506 contains known software to generate digital certificates as described above. In addition, certificate authority 3506 includes at least one proofing server 3702 and at least one proofing workstation 3704. As described above, a customer having an electronic account can conduct electronic transactions and provide a digital certificate to third parties to verify the customer's identity. A third party can request verification of the digital certificate via proofing workstation 3704, such as a kiosk available in a Post Office. Proofing workstation 3704 communicates with proofing server 3702 to verify the digital certificate and returns the verification to the third party via proofing workstation 3704. Thus, certificate authority 3506 enables third parties to proof the customer's identity using a digital certificate.

FIG. 38 is a block diagram of a proofing server consistent with the present invention. Proofing server 3702 includes a certificate directory 3802, a certificate revocation list 3804, and an interface with proofing workstations 3806. Certificate directory 3802 is a list of digital certificates that have been issued by proofing server 3602, e.g., using known digital certificate software. Certificate revocation list 3804 is a list of certificates that have been revoked, e.g., for fraudulent use generated by an electronic account system or a third party. Interface with proofing workstations 3806 includes a private key verifier 3808 that 1 provides security by verifying a private key sent with a verification request from a proofing workstation.

FIG. 39 is a block diagram of a proofing workstation consistent with the present invention. Proofing workstation 3704 can be, for example, a computer or kiosk available in a public place, such as a Post Office. A third party wishing to proof a digital certificate can submit a request to proofing workstation 3704, perhaps accompanied by a fee paid by credit card or smart card. Proofing workstation 3704 communicates with proofing server 3702 to proof the digital certificate and return a validation to the third party. Proofing workstation 3704 includes a central processing unit (CPU) 3902, an input device 3904 (e.g., a keyboard), an output device 3906 (e.g., a printer or monitor), an interface with proofing servers 3908, a memory 3910, a credit card reader 3914, and a smart card interface 3916. Memory 3910 includes a private key 3912. Private key 3912 is sent with proofing requests from proofing workstation 3704 to proofing server 3702 to provide security.

While digital certificates consistent with the present invention use in-person identity validation using identification documents, many different types of identity validation may be used consistent with the present invention. For example, biometric identification, such as fingerprinting or retinal scans, could be used.

Although the preferred embodiments of the present invention have been described in detail herein, it is to be understood that these descriptions are merely illustrative. Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims. 

1. A method for issuing a digital certificate to a user having an electronic account on a network, comprising the steps of: receiving, at a proofing server, a request for a digital certificate from the user with the electronic account; sending, by the proofing server, user information to a proofing workstation via the network; generating, by the proofing server, the digital certificate for the user; setting, by the proofing server, a status of the digital certificate to hold; receiving, by the proofing server, an identification verification from the proofing workstation when the identity of the user has been verified in person at the proofing workstation based on an identification verification form previously sent to a physical address of the user; setting by the proofing server the status of the digital certificate to active in response to the in person identification verification; and storing at the proofing workstation, the digital certificate in the electronic account of the user.
 2. The method of claim 1, further comprising the step of: storing a reference to the digital certificate in a certificate directory at the proofing server.
 3. The method of claim 1, further comprising the step of: setting the status of the digital certificate to revoked.
 4. The method of claim 3, further comprising the step of: storing a reference to the digital certificate in a certificate revocation list at the proofing server.
 5. The method of claim 1, further comprising the step of: receiving a private key from the proofing workstation, when the identity of the user is verified in person.
 6. The method of claim 5, further comprising the step of: verifying the private key before setting the status of the digital certificate to active.
 7. The method of claim 1, wherein the proofing server is a United States Postal Service proofing server.
 8. A system for issuing a digital certificate to a user having an electronic account on a network, comprising: a request receiving component configured to receive, at a proofing server, a request for a digital certificate from the user with the electronic account; a user information sending component configured to send by the proofing server user information to a proofing workstation via the network; a certificate generating component configured to generate the digital certificate for the user; a hold setting component configured to set, by the proofing server, a status of the digital certificate to hold; a verification receiving component configured to receive, by the proofing server, an identification verification from the proofing workstation when the identity of the user has been verified in person at the proofing workstation based on an identification verification form previously sent to a physical address of the user; an active setting component configured to set by the proofing server the status of the digital certificate to active in response to the in person identification verification; and a storing component configured to store at the proofing server the digital certificate in the electronic account of the user.
 9. The system of claim 8, further comprising: a reference storing component configured to store a reference to the digital certificate in a certificate directory at the proofing server.
 10. The system of claim 8, further comprising: a revoked setting component configured to set the status of the digital certificate to revoked.
 11. The system of claim 10, further comprising: a revoked storing component configured to store a reference to the digital certificate in a certificate revocation list at the proofing server.
 12. The system of claim 8, further comprising: a key receiving component configured to receive a private key from the proofing workstation, when the identity of the user is verified in person.
 13. The system of claim 12, further comprising: a key verifying component configured to verify the private key before setting the status of the digital certificate to active.
 14. The system of claim 8, wherein the proofing server is a United States Postal Service proofing server.
 15. A computer readable medium having computer readable code embodied therein for issuing a digital certificate to a user having an electronic account on a network, the computer readable code comprising: a request receiving module configured to receive, at a proofing server, a request for a digital certificate from the user with the electronic account; a user information sending module configured to send by the proofing server user information to a proofing workstation via the network; a generating module configured to generate the digital certificate for the user; a hold setting module configured to set, by the proofing server, a status of the digital certificate to hold; a verification receiving module configured to receive, by the proofing server, an identification verification from a proofing workstation when the identity of the user has been verified in person at the proofing workstation based on an identification verification form previously sent to a physical address of the user; an active setting module configured to set by the proofing server the status of the digital certificate to active in response to the in person identification verification; and a storing module configured to store at the proofing server the digital certificate in the electronic account of the user.
 16. A system for issuing a digital certificate to a user having an electronic account on a network, comprising: means for receiving a request for a digital certificate from the user with the electronic account; means for sending user information to a proofing workstation; means for generating the digital certificate for the user; means for setting a status of the digital certificate to hold; means for receiving an identification verification from the proofing workstation when the identity of the user has been verified in person at the proofing workstation based on an identification verification form previously sent to a physical address of the user; means for setting the status of the digital certificate to active in response to the in person identification verification; and means for storing the digital certificate in the electronic account of the user. 